- give the focus to the packet_list when a capture file is opened, and
each time we change the selection in the packet list (it seems that
the tree view has the focus if we don't do this) ;
- in set_plist_sel_browse() : it seems that packet_list->selection_mode
is always 0 in GTK2 so we can't use it to determine the current mode.
Use a static variable instead.
This should fix the second part of debian bug #199763
svn path=/trunk/; revision=8045
Almost completely rewritten in order to:
- be able to use a unlimited number of ringbuffer files
0 specified with -b argument or in the GUI, means that the number of file
is unlimited.
else the maximum number of ring buffer files is arbitrarily set to 1024.
- close the current file and open (truncating it) the next file at switch
- set the final file name once open (or reopen)
- avoid the deletion of files that could not be truncated (can't arise now)
and do not erase empty files
The idea behind that is to remove the limitation of the maximum # of
ringbuffer files being less than the maximum # of open fd per process
and to be able to reduce the amount of virtual memory usage (having only
one file open at most) or the amount of file system usage (by truncating
the files at switch and not the capture stop, and by closing them which
makes possible their move or deletion after a switch).
svn path=/trunk/; revision=7912
least some UNIX utilities, of listing all the flags with no arguments in
a single lump, and then listing the ones with arguments individually;
also, make lines as long as possible, as long as they fit in 80 columns).
svn path=/trunk/; revision=7815
when the new "Rotate capture file every n second(s)" checkbox or the
-b <# of file>[:<duration>] argument are used, [t]ethereal will skip to the
next ring buffer file if the specified duration has elapsed (even if the
specified capture size is not reached). This is useful when you want to have
separate capture files per hour or day for instance.
I let the autostop filesize parameter mandatory (i.e. the "rotate capture
file after n kilobytes") but this could be no longer strictly necessary when
that new feature is used ...
Another point: it might be interesting to really truncate the file at the
switch and not the closure ... According to user comments and my own real
case tests, I might plan to enhance this point and others (still ring buffer
related) in the future.
svn path=/trunk/; revision=7678
Support can be enabled at configure time by using "--with-adns=DIR".
If support is enabled, async queries happen whenever host name resolution
is enabled. Do we need a separate preference for async queries?
Currently, only IPv4 reverse queries are supported. I can add IPv4 forward
lookup support, but I don't have any way to test IPv6 queries.
svn path=/trunk/; revision=7640
"proto_construct_dfilter_string()", to more accurately reflect what it
does.
Give it, and "proto_can_match_selected()", an "epan_dissect_t *"
argument, which replaces the raw data pointer argument to
"proto_construct_dfilter_string()".
For fields that don't have a type we can directly filter on, we don't
support filtering on the field as raw data if:
the "epan_dissect_t *" argument is null;
the data source tvbuff for the field isn't the tvbuff for the
"epan_dissect_t" in question (i.e., it's in the result of a
reassembly, and "frame[N:M]" can't get at it).
Trim the length the raw data in the case of such a field to the length
of the tvbuff for the "epan_dissect_t" in question, so we don't go past
it. Fetch the raw data bytes to match from that tvbuff.
Have "proto_construct_dfilter_string()" return a null pointer if it
can't construct the filter string, and have "protocolinfo_packet()" in
the tap-protocolinfo tap ignore a field if
"proto_construct_dfilter_string()" can't construct a filter string for
it - and have it pass NULL as the "epan_dissect_t *", for now. If
somebody decides it makes sense to dump out a "frame[N:M] =" value for
non-registered fields, it can be changed to pass "edt".
svn path=/trunk/; revision=7635
referring to a GString containing an error message on failure, and don't
have it print anything on failure.
If it fails, have its Tethereal-tap callers print an error message
before exiting, and have its Ethereal callers pop up a dialog box with
the error (except in cases where the failure is guaranteed not to be the
user's fault, and where we exit, in which case we just print an error
message before we exit). In all cases, the error message includes the
text of the GString.
Fix a scanf format string in the DCE RPC statistics Ethereal tap, so
that it properly skips the comma before the filter string.
Fix some Ethereal error messages not to say "tethereal".
svn path=/trunk/; revision=7542
registration routines, for taps with menu items (taps that can be run
from the "Tools->Statistics" menu), create the menu item for the tap.
"make-tapreg-dotc" constructs a "register_all_tap_menus()" function that
calls all the tap menu item registration routines it finds, and Ethereal
calls that routine after the main window has been constructed (so that
the main menu exists, as the menu items are added to it). (Tethereal
doesn't call it.)
Get rid of the "menu" and "menu_init" arguments to
"register_ethereal_tap"; the menu item is registered in the tap's menu
item registration routine, not in its main registration routine.
Have the RTP GUI tap register its menu item that way, rather than by
having it compiled into "gtk/menu.c". (We're not ready yet to have taps
whose menu items are under a submenu register themselves in that
fashion, as "register_tap_menu_item()" can't yet create submenus.)
svn path=/trunk/; revision=7540
to "protect" what's currently in the column, so that attempts to clear
the column will only clear stuff after the fence and attempts to
overwrite the column will append stuff after the fence. This, for
example, allows a dissector to arrange that the Info column contain
information for its protocol and for protocols running atop it.
svn path=/trunk/; revision=7466
Ethereal/Tethereal was linked into a common routine, and use that in
both Ethereal and Tethereal.
Add to that routine code to get OS version information.
svn path=/trunk/; revision=7320
"goto_frame()", not to assume that all frames are being displayed and to
go to the row whose number is the frame number - 1.
svn path=/trunk/; revision=7242
frame number, which is always decimal. If you select an FT_FRAMENUM
field, there are menu items that let you go to the frame whose frame
number appears in that field.
Add FT_FRAMENUM fields for the ONC RPC "matching request is in this
frame" and "matching reply is in this frame" protocol tree items.
svn path=/trunk/; revision=6802
- when processing tap extensions command line options, wait until the
main window has been created before opening the tap window, to avoid
lots of GTK warnings.
svn path=/trunk/; revision=6601
This adds functions to register the command line arguments to use the API in the same way as is done for tethereal.
Later it may be extended to also register the GUI/Menu entry point to ethereal using this api but that iwll be later since the changes required to menu.c are not as intrusive as the main.c command line parsing ones were.
Some of the latest changes (before this checkin) has made ethereal to produce lots of GTK errors when starting up the extension windows.
They were there before this checking but will be investigated.
svn path=/trunk/; revision=6566
to declare "getopt()" and the variables it uses; tethereal.c already
includes it, but gtk/main.c and gtk2/main.c, which also use "getopt()",
don't - make them do so.
svn path=/trunk/; revision=6497
building with an SNMP library.
If we have Net-SNMP, include <net-snmp/version.h>, not
<ucd-snmp/version.h>.
Don't include any of the SNMP headers unless HAVE_SOME_SNMP is defined.
Include <net-snmp/config_api.h> if we have Net-SNMP, to declare
"read_premib_configs()" and "read_configs()".
Supply the include directories for Net-SNMP in the Makefile.nmake for
GTK 1.2 and GTK 2.
svn path=/trunk/; revision=6493
Define HAVE_SOME_SNMP if either HAVE_UCD_SNMP or HAVE_NET_SNMP
is defined, and use HAVE_SOME_SNMP, rather than HAVE_UCD_SNMP,
in most places when testing whether we have an SNMP library or
not.
Be more selective when including Net-SNMP header files.
Fix up {gtk,gtk2}/main.c to do the same SNMP stuff that tethereal.c
does - including the MIB stuff that gtk/main.c was doing but gtk2/main.c
wasn't doing.
Fix the copyright date in gtk/main.c.
svn path=/trunk/; revision=6483
In gtk/main.c and tethereal.c set MIBDIRS to <get_program_path()>\snmp\mibs
so that we can drop the MIB files there, instead of the default c:\usr\...
path.
Add NET_SNMP_DIR to config.nmake and modify Makefile.nmake to adjust
CFLAGs, ethereal_LIBS and tethereal_LIBS accordingly.
Define HAVE_UCD_SNMP in config.h.win32.
I tested this by creating c:\program files\ethereal\snmp\mibs and
dropping in the MIB files that come with Net-SNMP. Ethereal resolved
system.sysDescr.0 to "iso.3.6.1.2.1.1.1.0" under Windows. Under Linux
it resolved to "SNMPv2-MIB::sysDescr.0".
Ethereal.nsi still needs to be updated.
A compiled version of the Net-SNMP library can be found at
http://www.ethereal.com/distribution/win32/development/
svn path=/trunk/; revision=6385
Update gtk and gtk2 versions of RPC_STAT to allow a filter string to be specified on both the command line as well as the GUI.
Update the documentation for ethereal to reflect this.
svn path=/trunk/; revision=6343
- moved color_filter_t in color.h
- change color_filter_t to use color_t instead of GdkColor
This changed allowed to remove the last gtk includes in file.c. It is
now completely free of any gtk related code.
svn path=/trunk/; revision=6324
Currently Ethereal sets and uses a default directory for reading
and writing, but only in some places. This set of patches extends
the setting of the default directory to the -w option as well as
the -r option, and causes all file dialogs to use and set the
default consistently. (I haven't changed the
Preferences/Printing/File dialog, though, as that's a special
case.)
There's also a fix for a bug where Ethereal was issuing the
message "Ring buffer requested, but capture isn't being saved to
a permanent file" even though a file was specified with -w.
There also appear to be some other cleanups in his patch.
svn path=/trunk/; revision=6238
Gtk1 is still single threaded so if the tap extensions need to do something
time consuming or cpu intensive, then the main application will suffer.
It is better than nothing.
svn path=/trunk/; revision=6215
reassembled packet and are thus not limited to the maximum frame size;
leave room for a Really Big number in the length item in the status bar,
and use "snprintf()" to format the length item Just To Be Sure.
svn path=/trunk/; revision=5839
the command-line options are processed, so that we don't crash if you've
set the "column.format" preference from the command line.
Fix a grammaro in a comment.
svn path=/trunk/; revision=5838
"colfilter" structure contained items of use only when the colorizing
dialog was up, so make the items in it private to "gtk/color_dlg.c".
Make the "Edit" and "Delete" buttons sensitive only when a row is
selected, and make the "Up" and "Down" buttons sensitive only when a row
is selected *and* that row has somewhere to move in the specified
direction.
svn path=/trunk/; revision=5575
- Exit if an error is found in the options or arguments.
- In print_usage(), improve the visibility of any getopt() error
message by suppressing the version information when -h is not
specified, and by adding an empty line.
Ethereal:
- If the -k option is specified, use the interface in the preferences
file, if present.
- Prevent the user from specifying any hidden options which are used
internally in -S mode.
Tethereal:
- Fix a memory leak in the processing of the -f option.
- In print_usage(), change "capture file type" to "output file type",
which I think is clearer; move the -q flag from the non-libpcap case
to the libpcap case.
svn path=/trunk/; revision=5525
the argument is "fields", dump out a table of the fields, as we
currently do; if the argument is "protocols", dump out a table of the
protocols.
svn path=/trunk/; revision=5462
have "filter_packets()" make a copy of the filter string handed
to it, as it may save the filter string in the "capture_file"
structure, and the caller of "filter_packets()" shouldn't have
to worry about the string it passed to "filter_packets()" being
stashed away somewhere so that it can't just free that string or
change it;
have callers of "filter_packets()" free up the string they
handed to it, if the string was allocated and they're done with
it;
plug some memory leaks in "match_selected_cb_do()".
Check for an illegal "action" argument being passed to
"match_selected_cb_do()".
Move some keys out of "keys.h" into "gtk/main.c", as they're only used
in "gtk/main.c".
Make the pointer to the filter list a data item for the combo box, as
it's a copy of the list of strings for the combo box, rather than
attaching it to the widgets that activate the filter (a pointer to the
combo box *itself* is a data item for those widgets).
In "filter_activate_cb()", make a copy of the text from the text entry
field as soon as we fetch it, and use that copy. Free that copy if
we didn't add the filter to the filter list.
Don't make a copy of the entire filter list and use that to set the
combo box's list of items - just use the list itself. Also, when the
list is changed, make the new value the data for the combo box (the list
pointer will actually not be changed, because we happen to be using
"g_list_append()", but let's not rely on that).
svn path=/trunk/; revision=5368
Use the "nb" argument to "redraw_hex_dump()", so we redraw the specified
byte view pane, rather than always redrawing the main window's byte view
pane (and never redrawing the byte view pane of additional packet
windows, so that the font for them doesn't change if you change the font
preference).
svn path=/trunk/; revision=5066
Make the directory option to "--with-ucdsnmp" optional. Handle
"--with-ucdsnmp" similar to the way "--with-pcap" is handled.
Get rid of unnecessary #defines in "packet-cops.c".
Get rid of no-longer-necessary include of "dlfcn.h" in "packet-snmp.c".
svn path=/trunk/; revision=4930
Ethereal doesn't dissect SNMP if not linked with an SNMP library (and
*did* confuse at least one person into thinking that). Say "without
SNMP MIB support", instead, as you only lose the ability to read SNMP
MIBs and interpret OIDs and variable bindings according to those MIBs.
svn path=/trunk/; revision=4894
an "err" argument that points to an "int" into which to put an error
code if it fails.
Check for errors in one call to it, and note that we should do so in
other places.
In the "wtap_seek_read()" call in the TCP graphing code, don't overwrite
"cfile.pseudo_header", and make the buffer into which we read the data
WTAP_MAX_PACKET_SIZE bytes, as it should be.
In some of the file readers for text files, check for errors from the
"parse the record header" and "parse the hex dump" routines when reading
sequentially.
In "csids_seek_read()", fix some calls to "file_error()" to check the
error on the random stream (that being what we're reading).
svn path=/trunk/; revision=4874
Move the ringbuffer capture options from the "capture_file" structure to
the structure for capture options, as they're a property of an
in-progress capture, not a property of a particular capture file.
svn path=/trunk/; revision=4799
"capture_file" structure - they're a property of an in-progress capture,
not a property of an open capture file. Make them just variables.
The maximum number of packets to be captured should be a variable
separate from the "count" field in the "capture_file" structure - the
latter is a count of the packets in the capture file in question.
Have Boolean variables indicating whether a maximum packet count,
maximum capture file size, and maximum capture duration were specified.
If an option isn't set, and we're doing an "update list of packets in
real time" capture, don't pass the option to the child process with a
command-line argument.
Don't create "stop when the capture file reaches this size" or "stop
when the capture's run for this long" conditions if a maximum capture
file size or a maximum capture duration, respectively, haven't been
specified. Don't test or free a condition if it wasn't created.
Don't allow a 0 argument to the "-c" flag - the absence of a "-c" flag
is the way you specify "no limit on the number of packets".
Initialize the check boxes and spin buttons for the "maximum packets to
capture", "maximum capture size", and "maximum capture duration" options
to the values they had in the last capture. If an option wasn't
specified, don't read its value from the dialog box and set the
variable.
svn path=/trunk/; revision=4795
"int" and to check "getopt()"s return value with -1 rather than EOF.
Fix other "getopt()" loops to check against -1 as well (EOF is -1 on
most if not all platforms, but the Single UNIX Specification says
"getopt()" returns -1, so we should check against -1, not EOF).
svn path=/trunk/; revision=4793
"data source" has a name and a top-level tvbuff, and frames can have a
list of data sources associated with them.
Use the tvbuff pointer to determine which data source is the data source
for a given field; this means we don't have to worry about multiple data
sources with the same name - the only thing the name does is label the
notebook tab for the display of the data source, and label the hex dump
of the data source in print/Tethereal output.
Clean up a bunch of things discovered in the process of doing the above.
svn path=/trunk/; revision=4749
reading the capture file. Have callers of "wtap_snapshot_length()"
treat a value of 0 as "unknown", and default to WTAP_MAX_PACKET_SIZE (so
that, when writing a capture file in a format that *does* store the
snapshot length, we can at least put *something* in the file).
If we don't know the snapshot length of the current capture file, don't
display a value in the summary window.
Don't use "cfile.snap" as the snapshot length option when capturing -
doing so causes Ethereal to default, when capturing, to the snapshot
length of the last capture file that you read in, rather than to the
snapshot length of the last capture you did (or the initial default of
"no snapshot length").
Redo the "Capture Options" dialog box to group options into sections
with frames around them, and add units to the snapshot length, maximum
file size, and capture duration options, as per a suggestion by Ulf
Lamping. Also add units to the capture count option.
Make the snapshot length, capture count, maximum file size, and capture
duration options into a combination of a check box and a spin button.
If the check box is not checked, the limit in question is inactive
(snapshot length of 65535, no max packet count, no max file size, no max
capture duration); if it's checked, the spinbox specifies the limit.
Default all of the check boxes to "not checked" and all of the spin
boxes to small values.
Use "gtk_toggle_button_get_active()" rather than directly fetching the
state of a check box.
svn path=/trunk/; revision=4709
"epan/..." pathnames, so as to avoid collisions with header files in any
of the directories in which we look (e.g., "proto.h", as some other
package has its own "proto.h" file which it installs in the top-level
include directory).
Don't add "-I" flags to search "epan", as that's no longer necessary
(and we want includes of "epan" headers to fail if the "epan/" is left
out, so that we don't re-introduce includes lacking "epan/").
svn path=/trunk/; revision=4586
Separate the preferences value for those flags and the name resolution
code's value into separate variables; this means that the resolution
code no longer depends on the preferences code, and may let us
eventually have the current setting and the preference setting differ
(so that a user can temporarily override the preference setting without
causing subsequent saves of the preferences to save the temporary
value).
Add routines to create various types of widgets for preferences, and to
fetch the values for "enumerated" preferences, and use them both in the
code to handle hardwired preference pages and table-driven preference
pages.
svn path=/trunk/; revision=4536
Support for generating filter expressions based on packet list
column values
Support for adding filter expressions generated from column or
protocol tree field values to the current expression rather
than replacing the current expression
svn path=/trunk/; revision=4522
preference, and add it to the list of scrolled windows; call that
routine to create scrolled windows, rather than creating it and calling
other routines to do the other two operations.
As "set_scrollbar_placement_all()" and "set_ctree_styles_all()" always
set the styles to match the user's preference, don't have them take an
argument, have them just use the user's preference settings.
Get rid of unnecessary includes of "prefs_dlg.h", replacing them with
includes of "prefs.h" if necessary. Don't have "prefs_dlg.h" include
"prefs.h" - its sole purpose is to declare routines defined in
"prefs_dlg.c" - and add any additional includes of "prefs.h" this
requires.
Get rid of unnecessary includes of "prefs.h" and "gtkglobals.h".
Fix up white space.
svn path=/trunk/; revision=4521
based on the user's UI preferences, and add them to a list of GtkCTrees.
Use those routines to create all GtkCTrees.
Have a routine to update the preferences for all of those GtkCTrees.
Call that routine whenever the preferences change.
Label the line and expander style preferences as "Tree line style" and
"Tree expander style", as they no longer apply only to protocol trees.
Move the routines to maintain a list of scrolled windows, and to update
scrollbar placement for scrolled windows, to "ui_util.c".
svn path=/trunk/; revision=4520
and "Automatic scrolling in live capture" options from the preference
settings for them, so that the preference settings affect the initial
values of those options, but changing those values in a capture don't
affect the preferences, and don't automatically get saved when you save
the preferences.
If we're building without libpcap, don't have an "Automatic scrolling in
live capture" option anywhere.
svn path=/trunk/; revision=4514
(by deleting the main window or selecting File->Quit or typing ^Q) while
an "Update list of packets in real time" capture is in progress, we can
abort the capture.
Arrange that "fork_child" is -1 when there is no capture child, so said
routine knows when it can kill the child.
When we exit, kill off any capture child, using that routine, and, if
we're exiting due to a request to delete the main window and, if a read
is in progress (from an "Update list of packets in real time" capture),
don't delete the main window - just set the "Read aborted" flag, so that
the code doing the read will see that flag (it will be called because
the pipe to the capture child is closed due to the child exiting) will
see that and clean up and exit itself.
svn path=/trunk/; revision=4498
the geometry is saved at exit. Should we save the main window pane
sizes as well?
Move the DEF_WIDTH and DEF_HEIGHT #defines from gtk/main.h to prefs.h.
Remove the reference to DEF_WIDTH from proto_hier_stats_dlg.c.
svn path=/trunk/; revision=4462
Put a hash-table of "interesting" fields in the per-proto-tree data.
The dfilter code records which fields/protocols are "interesting" (by which
I mean, their value or existence is checked). Thus, the proto_tree routines
can create special arrays of field_info*'s that are ready for the dfilter
engine to use during a filter operation.
Also store the "proto_tree_is_visible" boolean, renamed "visible", in
the per-proto-tree data.
Move epan_dissect_t to its own header file to make #include dependencies
easier to handle.
Provide epan_dissect_fill_in_columns(), which accepts just the epan_dissect_t*
as an argument.
epan_dissect_new() needs to be followed by epan_dissect_run() for the
dissection to actually take place. Between those two calls,
epan_dissect_prime_dfilter() can be run 0, 1, or multiple times in order to
prime the empty proto_tree with the "intersesting" fields from the dfilter_t.
svn path=/trunk/; revision=4422
Add a routine to ui_util.c that sets a window's icon pixmap to a 16x16
version of the 3D logo. Call the routine for each window that is created.
This has been tested with kwm and Sawfish (which expect a 16x16 icon), but
we may have to come up with a better solution for other window managers
(e.g. olwm and mwm).
Add a 3D exclamation point image. Replace the exclamation point and
Ethereal logo images used in simple_dialog() with their 3D counterparts.
Remove the old icons from the source distribution.
svn path=/trunk/; revision=4390
already contain a pointer to an epan_dissect_t, which contains
the proto_tree.
Routines calling epan_dissect_new() do not create their own
proto_tree via proto_tree_create_root(); instead, they pass a boolean
to epan_dissect_new() telling it whether it should create the root
proto_tree.
svn path=/trunk/; revision=4343
files to get that big.
From Thomas Wittwer and Matthias Nyffenegger:
Support for "ring buffer mode", wherein there's a ring buffer of N
capture files; as each capture file reaches its maximum size (the ring
buffer works only with a maximum capture file size specified), Ethereal
rolls over to the next capture file in the ring buffer, replacing
whatever packets might be in it with new packets.
svn path=/trunk/; revision=4323
as the pathname of a capture file to be read. If more than one such
option is specified, print a usage message.
Fix the documentation of the "-r" option to Ethereal and Tethereal.
svn path=/trunk/; revision=4253
access their own "pinfo". A packet_info is stored in epan_dissect_t,
which is created for the dissection of a single packet.
GUI functions which need to access the packet_info of the currently
selected packet used to use "pi"; now they use cfile.edt->pi. cfile's
"edt" member is the epan_dissect_t of the currently-selected packet.
The functionality of blank_packetinfo() was moved into
dissect_packet(), as that's the only place that called blank_packetinfo(),
after a spurious call to blank_packetinfo() was removed from
packet_list_select_cb().
svn path=/trunk/; revision=4246
if (and only if) the length of the item being added is 0 (so that it has
no data backing it).
This means the data stream name pointer for the item in question is
null; make sure we handle that.
Use that for some "uses the value from the matching request" fields in
the SMB Pipe protocol.
svn path=/trunk/; revision=4231
for AIX 5.x's non-standard libpcap, where "pcap_datalink()" doesn't
return DLT_ values, it returns RFC 1573 ifType values.
Put that wrapper, and the routine to get the interface list, in a
separate file, for packet-capture utility routines, so not everybody who
includes "util.h" needs to include <pcap.h>.
Fix up the Wiretap hack for dealing with said incompatibility to use the
correct ifType value for Token Ring.
svn path=/trunk/; revision=4184
obsolete; we silently ignore attempts to set those in a preferences
file, so that we don't spam the user with error messages caused by them
having saved preferences in an earlier release that contained those
preferences.
Make the Diameter and iSCSI dissectors register obsolete preferences.
Crash if some code tries to register a preferences module with a name
that contains something other than lower-case ASCII letters, numbers, or
underscores, or that has already been registered, or if some code tries
to register a preference with a name that contains something other than
lower-case ASCII letters, numbers, underscores, or periods, or that has
already been registered, so that we don't put code like that in a
release and have to shovel code into "prefs.c" to fix it up later. (The
problem with multiple modules or preferences with the same name should
be obvious; the problem with names with blanks, or upper-case letters,
or punctuation, is that they're a pain to type on the command line.)
svn path=/trunk/; revision=4148
and generates the path name; have it, if the file is to be opened for
reading on Win32, check whether it exists and, if not, check for it in
the old home directory-based configuration directory and, if so, return
that path instead, so that files saved with earlier versions of Ethereal
will be seen.
svn path=/trunk/; revision=4072
reside. Use it, rather than concatenating the user's home directory and
".ethereal" in a number of files.
Fix up some additional places to use G_DIR_SEPARATOR_S as the pathname
separator.
svn path=/trunk/; revision=4061
"--with-pcap", it adds the "include" subdirectory of that directory to
the list of directories to search for include files, rather than adding
the directory itself.
Check whether libpcap defines "pcap_version", and define
HAVE_PCAP_VERSION if it does. Use "pcap_version" iff HAVE_PCAP_VERSION
is defined, rather than special-casing MacOS X.
Don't #define a string for the WinPcap version; just leave
HAVE_PCAP_VERSION undefined on Windows, as WinPcap 2.2beta is out, so we
can no longer assume that the Windows version of Ethereal is using
WinPcap 2.1.
svn path=/trunk/; revision=3792
replace "--with-plugindir" with "--with-plugins", and have the
plugin directory optional - this allows plugins to be disabled;
add "--traditional-cpp" on MacOS X/Darwin (Apple's "cc" compiler
requires it, for some annoying reason, even though it is, as far
as I know, GCC-based, and other GCC's don't require it);
on MacOS X, don't use "pcap_version[]", as, for some annoying
reason, libpcap on MacOS X doesn't define it.
Clean up some whitespace in the help messages for the configure script.
Move the AM_CONDITIONAL for SETUID_INSTALL after the point at which
"enable_setuid_install" is set, as it tests "enable_setuid_install".
svn path=/trunk/; revision=3788
get from calling "wtap_file()", so get rid of the call and the
(otherwise unused) variable to which its result gets assigned.
That lets us get rid of "wtap_file()" in Wiretap.
It also lets us get rid of the include of "zlib.h" in "file.h"; the
#defines of "file_open()", "filed_open()", and "file_close()" are also
unnecessary, so we get rid of those as well.
However, that means we need to include <zlib.h> in "gtk/main.c" and
"tethereal.c", so that the version number of libz is defined and can
show up in the version string.
svn path=/trunk/; revision=3652
for promiscuous mode; just do what the parent process told you, i.e. do
a non-promiscuous capture iff a "-p" flag was specified.
svn path=/trunk/; revision=3575
a "Match Selected" on it - we can't do a "Match Selected" if the field
has no value (e.g., FT_NULL) and has a length of 0.
If we unselect the current packet, we don't have a protocol tree, so we
don't have a currently selected field - clear the "Match Selected" menu
item and the display in the status line of information about the
currently selected field.
Move the low-level statusbar manipulation into "gtk/main.c", in routines
whose API doesn't expose anything GTK+-ish.
"close_cap_file()" calls one of those routines to clear out the status
bar, so it doesn't need to take a pointer to the statusbar widget as an
argument.
"clear_tree_and_hex_views()" is purely a display-manipulating routine;
move it to "gtk/proto_draw.c".
Extract from "tree_view_unselect_row_cb()" an "unselect_field()" routine
to do all the work that needs to be done if the currently selected
protocol tree row is unselected, and call it if the currently selected
packet list row is unselected (if it's unselected, there *is* no
protocol tree, so no row can be selected), as well as from
"tree_view_unselect_row_cb()".
Before pushing a new field-description message onto the statusbar, pop
the old one off.
Get rid of an unused variable (set, but not used).
svn path=/trunk/; revision=3513
Joerg Meyer.
Support for saving to the preferences file the settings for all types of
name resolution.
Do a case-insensitive check for "true" and "false" in Boolean preference
settings.
svn path=/trunk/; revision=3489
control whether we have a child process do the capturing; a user might
want the packet list to be updated as packets arrive but *not* want it
to scroll so that the most recently arrived packets are shown.
"prefs.capture_auto_scroll", not "auto_scroll_live", should control
whether we scroll a real-time-update capture's packet list;
"auto_scroll_live" isn't set by the capture dialog box,
"prefs_capture_auto_scroll" is.
svn path=/trunk/; revision=3388
status bar to display nothing, rather than "Text (text)", when a
"proto_tree_add_text()" field is selected.
While we're at it, use a similar test to eliminate the text pseudo-field
from the output of "{ethereal,tethereal} -G", as well.
svn path=/trunk/; revision=3335
and never was - there's only an Ethereal-wide "enable name resolution"
preference. Name it just "name_resolve".
Replace all tests of "g_resolving_actif" with tests of
"prefs.name_resolv", and replace all code that sets "g_resolving_actif"
with code that sets "prefs.name_resolv", so that the setting of
"prefs.name_resolv" actually affects whether names are resolved or not.
svn path=/trunk/; revision=3300
we figure out what the real bug is.
Fix set_last_open_dir() to use G_DIR_SEPARATOR and G_DIR_SEPARATOR_S
for cross-platform compatibility.
svn path=/trunk/; revision=3281
file-selection dialogue to open the directory and show its
contents, otherwise it opens the parent directory and shows *its*
contents.
svn path=/trunk/; revision=3279
for Win32, and show a slightly more informative (i.e., geared to the
user) help message when trying to capture without having WinPcap installed.
svn path=/trunk/; revision=3261
That means that I no longer need to distribute capture and non-capture
versions of Ethereal for Win32; one version (compiled with WinPcap headers)
can run on systems with or without WinPcap.
For systems that don't have WinPcap, instead of disabling the Capture
menu, Capture|Start brings up a dialogue informing the user that wpcap.dll
was not loadable, and gives a URL to the WinPcap home page.
svn path=/trunk/; revision=3249
"find_last_pathname_separator()" on Win32; move the other pathname
manipulation routines from "util.c" into "epan/filesystem.c".
Remove from "util.h" the declarations of routines not defined in
"util.c", and put them into "epan/filesystem.h" if they're not already
there.
Adjust #includes to make the above work.
svn path=/trunk/; revision=3241
allow the passing of register_all_protocols() and
register_all_protocol_handoffs() through epan_init() to proto_init().
This allows the removal of the compile time dependence of proto.c
on register.h. Modified dftest.c, tethereal.c, and gtk/main.c to
use the new style epan_init() and depend on register.h.
svn path=/trunk/; revision=3237
"gtk/main.c" in Ethereal.
Add the GLib version to it in Ethereal, and put in the GLib version
rather than the GTK+ version in Tethereal (which isn't linked with
GTK+...).
Make it a GString; this makes the code to construct it slightly less
ugly, especially now that we're putting the GLib version in.
Fix the code for the "-D" flag in Tethereal to compile in a no-libpcap
version (in a no-libpcap version, it just says that this version of
Tethereal wasn't compiled with capture support).
svn path=/trunk/; revision=3196
Tvbuffers changed to added the data source name,
GUI and printing code changed to support these changes
and display the multiple hex views.
svn path=/trunk/; revision=3165
routines need it.
When a user clicks on a hex digit or on the corresponding character
(the "text dump" portion) in the hex dump, find the field in the
proto_tree that the byte corresponds to, expand the GtkCTree so that
the field is viewable, select the field, and center it vertically.
LanAlyzer has this feature, and I've missed it in Ethereal.
svn path=/trunk/; revision=3096
application, catch what GLib message-logging calls we can, and create a
console and make it the standard input, output, and error if such a call
is made, so those messages show up in a console window. Create the
console for the output of "ethereal -v" as well.
svn path=/trunk/; revision=3052
capturing; if we succeed, display the packet drops count as the "Drops"
value in the status line and as the "Dropped packets" statistics in the
summary dialog box, otherwise don't display it at all.
In Tethereal, attempt to get the packet statistics from libpcap when
capturing; if we succeed, and if there were any dropped packets, print
out the count of dropped packets when the capture finishes.
svn path=/trunk/; revision=3016
into epan/ftypes.
Re-write display filter routines using Lemon parser instead of yacc.
Besides using a different tool, the new grammar is much simpler, while
the display filter engine itself is more powerful and more easily extended.
Add dftest executable, to test display filter "bytecode" generation.
Add option to "configure" to build dftest or randpkt, both of which are not
built by default.
Implement Ed Warnicke's ideas about dranges in the new display filter and
ftype code.
Remove type FT_TEXT_ONLY in favor of FT_NONE, and have protocols registered
as FT_PROTOCOL. Thus, FT_NONE is used only for simple labels in the proto tree,
while FT_PROTOCOL is used for protocols. This was necessary for being
able to make byte slices (ranges) out of protocols, like "frame[0:3]"
Win32 Makefile.nmake's will be added tonight.
svn path=/trunk/; revision=2967
compiled capture filter program, so remove it, and remove the include of
<pcap.h> from "file.h"; instead, have local "struct bpf_program"
structures where needed, and have those files that need stuff from
<pcap.h> include it.
This cleans stuff up a bit, and should eliminate a pile of compile
warnings with Visual C++ due to <pcap.h> and some GTK+/GLib header file
(or files they include) both defining "inline".
svn path=/trunk/; revision=2954
use the capture filter lists, and others use the display filter list, as
appropriate.
Have separate menu items for editing the capture and display filter
lists.
Have separate "~/.ethereal/cfilters" and "~/.ethereal/dfilters" files
for the two lists; if either of those files isn't found, we try
"~/.ethereal/filters", which means that you will start out with two
identical lists holding all your filters - if certain filters belong
only in one list, you'll have to delete them by hand from the other
list.
Do I/O error checking when reading and writing filter lists; when
writing a filter list, write it to a new file, and then rename the new
file on top of the old file, so that you don't lose your old filter list
if, for example, you run out of disk space or disk quota.
svn path=/trunk/; revision=2948
selection change event on the list of filters. Unfortunately, this can
happen after some other widgets in that dialog box have already been
destroyed - including some of the widgets that such a selection change
event can change.
This sometimes happened when "filter_prefs_delete()" hadn't been called,
so the mechanism we had been using, with a Boolean datum attached to the
dialog box, set in "filter_prefs_delete()" before we actually destroy
the dialog box, wasn't sufficient to keep that from happening.
Attach to the top-level window data items containing pointers to the
widgets changed when a filter is selected from the list, give each of
those widgets their own destroy callbacks, clear the pointer attached to
the top-level widget when the widget is destroyed, and don't do anything
to the widget when a filter is selected from the list if the pointer for
that widget is null, as that means the widget's been destroyed and we
*can't* do anything to it.
Not all filter editing dialogs created on behalf of a "Filter:" button
next to a text entry box should, when you click "OK", activate the text
entry box; if the text entry box is part of a dialog box with multiple
widgets, the user might not have filled in all of the items in that
dialog box, so you shouldn't activate it for them. Add a mechanism by
which, when creating a filter editing dialog box, you can specify
whether the "OK" button should just fill in the text entry box or should
fill it in and also activate it.
svn path=/trunk/; revision=2922
display tree, based on Jeff Foster's dialog box for selecting fields.
Make the dialog box for browsing filters into a dialog box for
constructing filters; make the "Apply" button and the "OK" button apply
the filter in the text entry box in the dialog, not the currently
selected filter (selecting a filter puts it in that text entry box, but
the user may edit it afterwards, or may use the aforementioned dialog
box to construct a filter not in the list).
Get rid of extra declarations of "m_r_font" and "m_b_font" in
"proto_draw.c"; they're declared in "gtk/gtkglobals.h", which it includes.
svn path=/trunk/; revision=2805
"color_t" structure to store color values (although currently it has all
the same fields that a GdkColor has; its currently advantage is that you
don't have to include any GTK/GDK stuff to declare it).
Add routines in the "gtk" directory to convert between "color_t" and
GdkColor values.
Define, in "prefs.h", all colors as "color_t" values rather than
GdkColor values. "prefs.h" now no longer needs to include <gtk/gtk.h>,
so don't include it.
svn path=/trunk/; revision=2692
can be put, and a pointer to the string for the column, which might or
might not point to that buffer.
Add a routine "col_set_str()", which sets the string for the column to
the string passed to it as an argument; it should only be handed a
static string (a string constant would be ideal). It doesn't do any
copying, so it's faster than "col_add_str()".
Make the routines that append to columns check whether the pointer to
the string for the column points to the buffer for the column and, if
not, copy the string for the column to the buffer for the column so that
you can append to it (so you can use "col_set_str()" and then use
"col_append_str()" or "col_append_fstr()").
Convert a bunch of "col_add_str()" calls that take a string constant as
an argument to "col_set_str()" calls.
Convert some "col_add_fstr()" calls that take a string constant as the
only argument - i.e., the format string doesn't have any "%" slots into
which to put strings for subsequent arguments to "col_set_str()" calls
(those calls are just like "col_add_str()" calls).
Replace an END_OF_FRAME reference in a tvbuffified dissector with a
"tvb_length(tvb)" call.
svn path=/trunk/; revision=2670
files from being #included in epan/packet.c.
Fix the other files that need either "gtk/colors.h" or <gtk/gtk.h> #included
as a result of not pulling in gtk/colors.h automatically because of file.h.
svn path=/trunk/; revision=2519
file, rather than the top-level Ethereal configuration file, check for
"inet_aton()", "inet_pton()", and "inet_ntop()". Then make its
Makefile.am include the appropriate object files if necessary.
Otherwise, they don't get built and put into libethereal, and therefore
attempts to link with anything in libethereal that uses them fail on
platforms that lack ethem, causing the build to fail.
That means a bunch of things need to be fixed to cope with libethereal
having its own "config.h" file; this means removing the include of
"config.h" from some libethereal header files. Move the definitions of
the path names used only by "resolv.c" to "resolv.c" from "resolv.h" (so
"resolv.h" doesn't need "config.h", define HAVE_PLUGINS in the configure
script (so we don't have to include it in "plugins.h" to check whether
HAVE_DLFCN_H is defined).
Unfortunately, stuff outside libethereal needs to know PLUGIN_DIR; for
now, define that in the top-level configuration file, and have Ethereal
and Tethereal pass it as an argument to "epan_init()" - that should be
cleaned up at some point.
Remove from the top-level configure script checks for things used only
in libethereal.
svn path=/trunk/; revision=2498
Preferences" dialog box, to control whether to put the interface in
promiscuous mode or not; Debian bug #34376 asked for this.
svn path=/trunk/; revision=2439
may be redrawing a packet window that displays a frame other than the
current frame; give it arguments to specify the raw frame data and
"frame_data" structure for the frame.
This requires that each packet window have, associated with it, a
pointer to the "frame_data" structure; that replaces the "cap_len" and
"encoding" fields in a "PacketWinData" structure, as those are just
copies of fields from the frame's "frame_data" structure.
"packet_hex_print()" needn't be passed both the start and length values
from a "field_info" structure - just pass it a pointer to that
structure, or NULL for "no field is selected in the packet". It also
needn't, any longer, be passed the "cap_len" and "flags.encoding" fields
of a "frame_data" structure - just pass it a pointer to that structure.
In "redraw_hex_dump_all()", don't redraw the hex dump pane of the main
window if there is no current frame.
svn path=/trunk/; revision=2404
the text in all "Follow TCP Stream" windows;
the text in the help window if we have one up;
all hex dump windows;
when GUI preference changes are to be applied, so that font changes and
"Follow TCP Stream" color changes show up.
Update both the Roman and bold font when the font is changed.
Don't decrement the reference counts on the old Roman and bold fonts
until that's all done.
svn path=/trunk/; revision=2401
highlighting of the bytes, in the hex dump window, corresponding to a
selected field.
Also, make "remember_ptree_widget()" static, as it's not used outside
"gtk/proto_draw.c".
svn path=/trunk/; revision=2399
This allows the display of a short field description (and
field abbreviation) in the status bar when a field is selected
in the protocol tree window.
The description is the blurb field when available (i.e. not empty),
the name otherwise.
When the item is unselected, the file context (e.g. the file name)
is restored.
Now it is much easier to build a display filter without the manual ;-)
svn path=/trunk/; revision=2343
Currently, it allows the selection of the foreground and
background colors of the marked frames but it could be
extended further (e.g. color of normal frames).
Add update_marked_frames() in main.c to update the
display (e.g. colors) of marked frames.
svn path=/trunk/; revision=2339
color of marked frames.
They are currently only available from preferences file,
but I will add the color selection in GUI later.
svn path=/trunk/; revision=2327
the Edit menu which allow you to:
- mark (or unmark) the currently selected frame
- mark all _displayed_ frames
- unmark all _displayed_ frames
Should I be more precise in the menu label ?
(e.g. "Mark All Displayed Frame" instead of "Mark All Frames"
and "Mark Selected Frame" instead of "Mark Frame" ?)
svn path=/trunk/; revision=2325
the middle mouse button. The marked packets are displayed in
reverse video but this should change in the future (the color
should be configurable via the GUI).
Then, the marked packets can be saved (via the "Save as"
window dialog).
Other features will be added in the future (I am waiting for
your comments and wishes).
svn path=/trunk/; revision=2322
- have popup_menu_handler return TRUE or FALSE according
to the fact that the event is really processed or not.
- use gtk_signal_connect instead of gtk_signal_connect_object
to have the widget that emitted the signal _and_ the popup
menu widget.
- call gtk_signal_emit_stop_by_name to abort the propagation
if the signal was processed.
svn path=/trunk/; revision=2318
"cancel", and "delete" methods, give them:
"fetch" - fetch from the notebook tab any values not already
stored in "prefs", and store them there, but doesn't apply them;
"apply" - apply the settings in "prefs";
"destroy" - clean up any windows created from the tab.
As we no longer have "cancel" methods, we don't have per-preference code
to revert preference values; instead, we have the common preference
dialog box code make a copy of all the current preferences, and, when
the "Cancel" button is clicked, free the current preferences and copy
the saved preferences to it, and apply the preferences.
Add an "Apply" button to the preference dialog box, which applies the
current preferences without closing the dialog box.
Treat a request to delete the preferences dialog box as equivalent to
clicking "Cancel".
Have a "remember_ptree_widget()" routine to remember all protocol tree
widgets, and use the list of those widgets when we set GUI preferences
for the protocol tree widgets, rather than setting the main protocol
tree widget and then using the list of packet windows. Move that code
out of "main.c" to "proto_draw.c", as it's not used by anything in
"main.c", but is used by stuff in "proto_draw.c".
Make the font one of the preferences we can set on the fly for protocol
tree widgets. Also make it something we can set on the fly for the
packet list widget.
svn path=/trunk/; revision=2316
uses "normal" rather than "medium" as the weight name for normal-weight
fonts; map "normal", as well as "medium", to "bold" when constructing
the name of the bold version of a font.
svn path=/trunk/; revision=2306
generate the name of the boldface font from the Roman font; if the two
fonts don't have the same widths, the display will look weird when a
field is selected, and it's a bit of a pain for the user to have to
select *two* fonts.
On UNIX/X, default to
"-*-fixed-medium-r-semicondensed-*-*-120-*-*-*-*-*-" rather than to
"-*-lucidatypewriter-medium-r-normal-*-*-120-*-*-*-*-iso8859-1" - some
Linux distributions appear to lack the Lucida typewriter font.
Add a "gui.font_name" preference to the preferences file, specifying the
normal-weight font to use. Have it settable from the "GUI" tab in the
Preferences dialog box - the "Font..." button, when clicked, pops up a
font selection dialog box.
If we either can't open the selected font or the boldfaced version of
the font, default to "6x13" and "6x13bold" as fallbacks - the former
will probably be "fixed", and the latter would be "fixedbold" if X
actually created such an alias, but it doesn't so we use "6x13bold"
instead.
svn path=/trunk/; revision=2304
explicitly; the right thing to do was to have
"remember_scrolled_window()" catch the "destroy" signal on the scrolled
window widget, and have the handler for that signal forget the scrolled
window.
Doing that obviates the need to have creators of scrolled windows keep
track of the windows they have and forget them when they're destroyed.
The signal for a "the window manager has requested that this window go
away" event is "delete_event", not "delete-event"; fix the
"gtk_signal_connect()" calls that were using "delete-event".
svn path=/trunk/; revision=2284
selection mode of the packet list window isn't actually going to be
changed - it's a bit annoying to have the protocol tree window clear out
from under you if all you've done is pop up the Edit->Preferences dialog
and cancelled it (or accepted it without changing any GUI preference).
svn path=/trunk/; revision=2280
at the correct notebook page when a particular protocol (which has registered
some preferences) is selected in the tree view.
- add set_menus_for_selected_tree_row() in menu.[ch]
- add prefs_is_registered_protocol() and
prefs_get_title_by_name() in prefs.[ch]
svn path=/trunk/; revision=2275
- add <stdarg.h> or <varargs.h> in snprintf.h
and remove those inclusions in the other #ifdef NEED_SNPRINTF_H codes
- remove the check of multiple inclusions in source (.c) code
(there is a bit loss of _cpp_ performance, but I prefer the gain of
code reading and maintenance; and nowadays, disk caches and VM are
correctly optimized ;-).
- protect all (well almost) header files against multiple inclusions
- add header (i.e. GPL license) in some include files
- reorganize a bit the way header files are included:
First:
#include <system_include_files>
#include <external_package_include_files (e.g. gtk, glib etc.)>
Then
#include "ethereal_include_files"
with the correct HAVE_XXX or NEED_XXX protections.
- add some HAVE_XXX checks before including some system header files
- add the same HAVE_XXX in wiretap as in ethereal
Please forgive me, if I break something (I've only compiled and regression
tested on Linux).
svn path=/trunk/; revision=2254
file to a user-specified file.
Move the file-copy routine in save_cap_file() to an indepenent
function in file.c (copy_binary_file()) so that follow_dlg.c can use it.
Remove #include "follow.h" from the C files that don't need it.
svn path=/trunk/; revision=2200
to use "warning" dialog boxes only to warn the user "if you do that, bad
things may happen" *and* to offer them the option either to drive on or
quit, so perhaps ESD_TYPE_CRIT should be used for all errors).
However, put "Ethereal: Error" rather than "Ethereal: Critical" in the
title bar, in the hopes that it'll make it clearer that Something Bad
Happened.
If the user specifies that captures should be saved to a user-specified
file rather than a temporary file, report errors trying to create that
file with "file_open_error_message()".
Make the "for_writing" argument to "file_open_error_message()" a
"gboolean", as it's either TRUE (if the file is being opened for
writing) or FALSE (if it's being opened for reading).
Report EISDIR as "XXX is a directory (folder), not a file.".
svn path=/trunk/; revision=2143
a word to use in the progress dialog, and a flag indicating whether the
display filter is to be reevaluated or not, and:
have "colorize_packet()" call that routine with "Colorizing" and
FALSE as those arguments;
have the filtering code call that routine with "Filtering" and
TRUE as those arguments;
add an exported routine to call that routine with "Reprocessing"
and TRUE as those arguments, to use to re-generate the packet
list and to re-filter the packets if a protocol preference has
been changed.
Keep track of whether preferences are changed from their initial value
by a preferences file or a command-line option, or from their previous
value by the "Preferences" dialog box; have "prefs_apply_all()" only
call the "apply" callback for a module if they have.
Call "prefs_apply_all()" after the command-line arguments have been
parsed and after "OK" has been clicked in the "Preferences" dialog box,
to notify modules of preference changes if they've registered a callback
for that.
After "OK" has been clicked in the "Preferences" dialog box, if any
preferences have changed, call the reprocessing routine, as the summary
line for some frames and/or the current display filter's value when
applied to some frames may have changed as a result of a preference
change. Do the same after "OK" or "Apply" has been clicked in the
"Display Options" dialog box (as it controls a protocol preferences
item.
svn path=/trunk/; revision=2126
same directory as the "manuf" file ("/etc" or "/usr/local/etc", most
likely).
Add a mechanism to allow modules (e.g., dissectors) to register
preference values, which:
can be put into the global or the user's preference file;
can be set from the command line, with arguments to the "-o"
flag;
can be set from tabs in the "Preferences" dialog box.
Use that mechanism to register the "Decode IPv4 TOS field as DiffServ
field" variable for IP as a preference.
Stuff that still needs to be done:
documenting the API for registering preferences;
documenting the "-o" values in the man page (probably needs a
flag similar to "-G", and a Perl script to turn the output into
documentation as is done with the list of field);
handling error checking for numeric values (range checking,
making sure that if the user changes the variable from the GUI
they change it to a valid numeric value);
using the callbacks to, for example, update the display when
preferences are changed (could be expensive);
panic if the user specifies a numeric value with a base other
than 10, 8, or 16.
We may also want to clean up the existing wired-in preferences not to
take effect the instant you tweak the widget, and to add an "Apply"
button to the "Preferences" dialog.
svn path=/trunk/; revision=2117
potentially long-running operation that has a progress indicator, pop up
a modal dialog box with
an indication of what is being done;
a progress bar;
a "Cancel" button to stop the operation.
This:
leaves more room on the status line for a filter expression;
provides a mechanism to allow the user to cancel long-running
operations (although the way we do so may not back out of them
as nicely as the user might like, if it's not obvious what the
"right" way is or if the "right" way is difficult to implement
or involves doing as much work as letting the operation
continue);
means that, because the dialog box is modal, we don't have to
worry about the user performing arbitrary UI operations out from
under the operation and changing arbitrary bits of state being
used by that operation.
svn path=/trunk/; revision=2103
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()".
svn path=/trunk/; revision=2095
make it easier to use grep to find all references to it without getting
a lot of false hits and to check, after allocating the memory chunk for
"frame_data" structures, that the allocation succeeded.
svn path=/trunk/; revision=2092
file, not as a text file; that makes no difference on UNIX, but, as the
file *is* binary, it makes a difference on Win32 systems.
svn path=/trunk/; revision=2086
there's no need to keep it around in memory - when the frame data is
read in when handing a frame, read in the information, if any, necessary
to reconstruct the frame header, and reconstruct it. This saves some
memory.
This requires that the seek-and-read function be implemented inside
Wiretap, and that the Wiretap handle remain open even after we've
finished reading the file sequentially.
This also points out that we can't really do X.25-over-Ethernet
correctly, as we don't know where the direction (DTE->DCE or DCE->DTE)
flag is stored; it's not clear how the Ethernet type 0x0805 for X.25
Layer 3 is supposed to be handled in any case. We eliminate
X.25-over-Ethernet support (until we find out what we're supposed to
do).
svn path=/trunk/; revision=1975
display to be sorted by the value in that column (and to reverse the sort
order the next time you click on that column).
Use "F<>" rather than "B<>" for file names in the Ethereal man page.
svn path=/trunk/; revision=1931
console-subsystem program, so that when not run from a shell window it
doesn't cause a shell window to be popped up. (Yes, this means that any
messages it prints, when not popped up from a shell window, get lost,
but the same is true of Ethereal on UNIX/X.) Trick for doing this
shamelessly stolen from the Win32 port of the GIMP.
We do not want to build Tethereal or editcap as Windows-subsystem
programs, however, so we take the "/SUBSYSTEM" flag out of LDFLAGS and
put it into the link commands for Ethereal, Tethereal, and editcap.
svn path=/trunk/; revision=1857
it in SOCKS dissector.
(Okay, how many times am I going to modify packet.h today, forcing you
to re-compile everything? :-)
svn path=/trunk/; revision=1850
"dissect_init()" and "dissect_cleanup()", in "packet.c", so that we
don't duplicate those routines in Ethereal and Tethereal (and so on),
and don't have to remember to update N different versions of them if we
have to change the way we do one-time initialization and cleanup.
svn path=/trunk/; revision=1790
registration routines to get rid of the special handling of ONC RPC
protocols - dissectors for ONC RPC-based protocols should register their
protocol, fields, and ETT values in a protocol registration routine, and
register themselves with the ONC RPC dissector in their protocol handoff
routine, so that the latter is done after the ONC RPC dissector's
protocol registration routine is called, so that the data structures
needed when dissectors for ONC RPC protocols register themselves with
the ONC RPC dissector have been initialized.
Get rid of "init_dissect_rpc()", which initializes said data structures;
do that in "proto_register_rpc()" instead.
svn path=/trunk/; revision=1789
hash table attached to "udp.port" out of "init_dissect_udp()" into
"proto_register_udp()", so that it's done the way TCP does it, and then
get rid of "init_dissect_udp()".
svn path=/trunk/; revision=1781
"global" dialog box when "Edit:Filters" is selected, so that the list of
filters can be edited, and "filter_browse_cb()", which pops up a dialog
box associated with a "Filter:" button and a text entry widget attached
to that button, so that a filter can be selected or saved (although it
also supports the same editing that the "global" dialog box does).
Have "filter_dialog_cb()" connect the window in which the "Filter:"
button lives and the filter dialog box, so that:
if the window in which the "Filter:" button lives goes away, so
does the filter dialog box (as it no longer has a text widget
into which it can stuff the selected filter);
if the "Filter:" button is clicked when there's already a filter
dialog box open, we just reactivate that existing dialog box
rather than popping up a new one.
Also keep a pointer to the "global" filter dialog box, so that we also
arrange that there's only one of them (by reactivating the existing on
if "Edit:Filters" is selected when there's already a "global" filter
dialog box open).
Keep around pointers to the dialog boxes that contain the "Filter:"
buttons, so that we can arrange that there be only one of them (that was
a side-effect of an earlier attempt at fixing the problems described
above, but it's still useful for keeping multiple competing dialog boxes
from being open - there's more of that to be done).
Make the pointer to the "Open Capture File" dialog box widget static to
"file_dlg.c" - nobody outside of "file_dlg.c cares about it.
svn path=/trunk/; revision=1774
Stream" windows - the window should always be deleted in that situation,
so there's no need for a signal handler that might return TRUE (meaning
"don't delete the window"), and the "destroy" handler gets called when
the window actually gets destroyed, so there's no need to do any cleanup
in the "delete_event" handler.
Catch the "delete_event" signal on the main window in a routine with the
right signature, and that returns FALSE so that the window actually gets
deleted.
Call "close_cap_file()" in the callback for the "File:Quit" menu item
(which is also called by the "delete_event" handler for the main
window), rather than calling it after "gtk_main()" returns -
"close_cap_file()" manipulates stuff in the main window, and if we do so
after "gtk_main()" returns, it appears that the main window may have
disappeared (if we are exiting because the user deleted the main
window), in which case we can get crashes or other errors when
"close_cap_file()" tries to manipulate stuff in the main window.
There's no need to catch the "destroy" signal on the main window - we do
some of the cleanup in the handler for "delete_event" (we have to, for
reasons described above), and we do the rest of it after the main
routine returns.
svn path=/trunk/; revision=1773
routines we register get called.
Register the "follow TCP stream" windows with "gtk_quit_add_destroy()",
so that, when Ethereal exits, they all get destroyed; this means that
their destroy callbacks get called, which means that they get to delete
their temporary files, so that, if you exit Ethereal without manually
closing the "follow TCP stream" windows, the temporary files don't get
left around.
Exit from Ethereal's "main()" function by calling "gtk_exit()", rather
than "exit()", so that we do whatever cleanup GTK+ requires. (We used
to call "gtk_exit()" in the callback for the "File:Quit" menu item and
the "delete" callback for the main window, but we now just call
"gtk_main_quit()" so that we exit from the main loop.)
svn path=/trunk/; revision=1772
Ethereal/win32 now supports command-line options.
Tethereal now compiles on win32, except for the fact that I haven't
put the Makefile.nmake changes in for that yet.
svn path=/trunk/; revision=1758
the "Follow TCP Stream" displays; that means we can use the same GTK+
calls to set the scrollbar placement on them that is used to set it on
other widgets.
Keep a list of all the GtkScrolledWindows whose scrollbar placement we
control with the GUI preference item for that, and change them all when
the GUI preference item is changed (which means that the GUI preference
item now applies to the "Follow TCP Stream" window as well as to the
hex/ASCII panes).
svn path=/trunk/; revision=1676
call "close_cap_file()", which will unlink the current capture file if
it's a temporary file - but will do so after closing it; certain OSes
whose names begin with "W" don't let you remove a file if it's currently
open, so if you exit Ethereal, without closing the capture first, after
doing a capture on one of those OSes, the temporary file won't be
removed.
svn path=/trunk/; revision=1628
Declare the one routine exported by "gtk/filter_prefs.c" in
"gtk/filter_prefs.h" rather than in "gtk/main.h". Declare
"E_FILT_TE_PTR_KEY" there, as well, rather than in "prefs_dlg.h", as the
filter-editing dialog box is no longer a preference tab.
Don't include "prefs_dlg.h" unless the stuff declared therein is of
interest.
Fix "gtk/find_dlg.c" to fire up the filter-editing dialog box, not the
no-longer-extant preferences tab for filters, if the "Filter:" button is
clicked.
svn path=/trunk/; revision=1619
at the end of follow_read_stream(), which causes a segfault if you change
the TCP Follow screen to EBCDIC, and then go back and select a TCP packet.
svn path=/trunk/; revision=1578
either a pointer to the directory part of the pathname (after stomping
on the pathname separator with a '\0', so don't use this on pathnames
you plan to use afterwards), or NULL if the pathname contains no
directory part, and make it handle Win32 pathnames on Win32 systems.
Use it to get the containing directory of the currently open file, so
that the "chdir()" stuff we do to cause the "File:Open" dialog box to
show you files in the directory in which you last looked works on Win32
systems.
svn path=/trunk/; revision=1555
the IPv4 TOS field as a TOS field or as a DiffServ field, and allow that
field to be controlled by a command-line option or an option in the
"Display:Options" dialog box.
svn path=/trunk/; revision=1532
to "util.c", and provide a routine to free that list as well.
When picking an interface on which to do a capture (if no "-i" flag was
specified), use that routine, and pick the first interface on the list.
svn path=/trunk/; revision=1495
or to Ethereal when the "-k" flag is specified, i.e. when a capture is
to be started immediately, use "pcap_lookupdev()" to pick an interface,
just as tcpdump does.
svn path=/trunk/; revision=1482
with MSVC 6.0 and 'nmake', the make tool that comes with MSVC.
It compiles, links, and runs. It doesn't run correctly. There's a problem
when reading files. I'm getting short reads. I'm not linking in zlib or
libsnmp because it first needs to be debugged.
I changed the plugin code to use gmodule instead of libltdl, but the
Unix build still links ethereal against libltdl. I'll fix that tonight; sorry
about leaving it in such a sad state, but I wanted to check in this code
before I left work on a Friday night. Ethereal still works, but the
building is less than optimal.
svn path=/trunk/; revision=1479
displays the contents of the TCP connexion in hexadecimal.
The two opposite directions of the conversation are displayed side by side.
svn path=/trunk/; revision=1454
into "gtk/column_prefs.c".
Get rid of "get_column_width()" - instead, export
"get_column_longest_string()", and have "get_column_width()"'s callers
make the GDK call to get the width of that string, so that "column.c"
contains no GTK+/GDK code.
svn path=/trunk/; revision=1447
print only the actual stream data, not the address and port binary
information.
Fix it to handle the ASCII/EBCDIC selection as well.
svn path=/trunk/; revision=1427
Add a "Save status" button to the Plugins window which saves the status
(enabled/disabled) and the filter used by all the plugins in
~/.ethereal/plugins.status
Moved plugins_scan_dir() from gtk/plugins_dlg.c to plugins.c because it is
GUI independent. Read plugins.status in this function and restore the saved
status.
Add a init_plugins() function in plugins.c which calls plugins_scan_dir() in
order to build the plugin_list. It is called by ethereal_proto_init() in
gtk/main.c
svn path=/trunk/; revision=1417
In order to use GTK_SELECTION_BROWSE correctly, I had to set auto_resize
to TRUE for the GtkCTree column.
Yes, I'm using terminology that's opposite that of GTK+.
When I say the selection bar "browses", I mean that you can browse the rest
of the widget with an outline selection bar, without changing the
selection. This corresponds to mode GTK_SELECTION_SINGLE.
When I say "select", I mean that the arrow keys change the selection.
This corresponds to mode GTK_SELECTION_BROWSE.
Go figure. But I like my terminology better.
svn path=/trunk/; revision=1398
I did this:
First, Havoc Pennington, in "GTK+/Gnome Application Development", in
Appendix seciton A.3.88, recommends using GtkCTree instead of GtkTree
because GtkCtree is faster, and GtkTree has limitation on its total row
height: since it must fit inside a GdkWindow, it is limited to 32,768
pixels of height. GtkTree is more flexible with regards to the types of
widgets that can be placed in the tree, but since we deal only with text,
that doesn't matter, at least for now.
Secondly, a GtkTree doesn't allow arrow-key navigation (at least as far
as I could tell). It always bothered me that the up and down arrow keys
worked in the packet list and in the hex dump, but no in the protocol tree.
GtkCTree does allow arrow-key navigation. In fact, GtkCTree is a subclass
of GtkCList (the packet list widget), so they behave a lot alike.
I went ahead and fixed the selection bar which has been bothering Richard
for a long time now. :) In the GUI preferences dialogue, you can now set
both the packet list selection bar and the protocol tree selection bar
to either "browse" or "select" mode. "browse" mode is what you're used to:
the arrow keys move an outline of the selection bar, but do not change
the selection. "select" mode does change the selection when the arrow keys
are pressed. The default behavior is set to "select", which seems more
natural for a first-time user.
svn path=/trunk/; revision=1393
option right now is the placement of the vertical scrollbars in the 3 panes.
(it's one decision; you can't have the placement of the vertical scrollbar
in the packet list pane different than the placement in the protocol tree
pane, for example).
I did this because I find it convenient to have the vertical scrollbars
on the *left* side of the text. My mouse cursor is usually expanding and
collapsing the protocol tree widgets, and once the protocol tree changes
size, I usually have to scroll. I'd rather move my mouse cursor just a few
pixels over to find the vertical scrollbar.
svn path=/trunk/; revision=1351
at all since the GtkText widget does not scroll horizontally (it says
so in the GTK+ docs and in the gtktext.c file in the GTK+ distribution).
Even if the Ethereal window is shrunk horizontally, the text widget will
line wrap (we could turn that off, but it just truncates the line, instead
of making the text widget horizontally-scrollable).
Also, change the packet list scrollbar policy to AUTOMATIC so that scroll
bars only appear when needed. This is how the protocol tree pane has
been configured already.
svn path=/trunk/; revision=1308
window is extended veritically, either up or down, the packet list
and hex dump pane sizes stay the same, and the protocol tree pane
is the one that grows. Hurrah! Of course you can still modify the
size of each pane with the little separator between each pane.
svn path=/trunk/; revision=1307
"Edit:Preferences" and put it directly under "Edit:Filters", and to add
an "Apply" button to it, which makes the currently selected filter the
current filter and applies it to the current capture.
svn path=/trunk/; revision=1275
into "gtk/ui_util.c", and move the declarations of those UI utilities
out of "util.h" into "ui_util.h". (The header file is in the top-level
directory, rather than the "gtk" directory, because it declares
window-system-independent interfaces to routines with
window-system-dependent implementations.)
Add to "gtk/ui_util.c" a routine to set the window and icon title.
Use that routine to make the title of an Ethereal top-level window be
{filename} - Ethereal
if there's a capture open, and have "{filename}" be "<capture>" if it's
a temporary capture file.
svn path=/trunk/; revision=1255
Don't list capture-oriented flags in the usage message if Ethereal was
built without "libpcap".
If a capture-oriented flag is given to an Ethereal built without
"libpcap", print a message noting that and give a usage message.
Print only one usage message, even if more than one bad command-line
flag is given.
svn path=/trunk/; revision=1236
treat CONNECT as an HTTP request;
add DELETE and OPTIONS as request names.
Make the order of names in the AUTHORS file match that of the man page
and the About box.
svn path=/trunk/; revision=1231
loading a new file from within ethereal.
In main(), cf_name was being set to optarg, without g_strdup()'ing it.
Later, in file_open_cmd_cb(), we try to g_free last_open_dir, which is
cf_name, so blammo! We try to g_free something that we can't.
So, in main(), be sure to set cf_name to a g_strdup() of optarg, not
just optarg.
(At home I'm using debug/development versions of glib/gtk, so maybe
that's why I saw the problem only now. I could have sworn that I
have done this sequence of events successfully before).
svn path=/trunk/; revision=1180
packets that are currently being displayed from that capture.
Centralize the code to control whether "File:Save" and "File:Save As"
are enabled (and *always* have "File:Save As" enabled if you have a
capture; "File:Save" is enabled only if you have a live capture you've
not yet saved, although it does the same thing as "File:Save As").
Have the "save_file" member of a "capture_file" structure represent
*only* the file currently being *written* to by a capture, and, if there
is no capture currently in progress, have it be NULL; the name of the
file currently being *displayed" is in the "filename" member, and an
"is_tempfile" member indicates whether it's a temporary file for a live
capture or not.
Have "close_cap_file()" delete the current capture file if it's a
temporary capture file that hasn't been saved (in its entirety - saving
selected frames doesn't count). Do the same (if there *is* a current
capture file) when exiting.
The "Ready to load or capture" message is the only statusbar message in
the "main" context; "close_cap_file()" should never pop it, it should
only pop whatever message exists in the "file" context, and thus has no
need to take, as an argument, the context for the message it should pop.
Update the man page to reflect the new behavior of "File:Save" and
"File:Save As", and to reflect recent changes to "Display:Match Selected".
svn path=/trunk/; revision=1170
"capture_file" - when handed a "capture_file *", it only cared about the
"colors" entry. The only time it cares about a "capture_file" is when
it's actually filtering the packets, as it needs to hand the
"capture_file *" to "colorize_packets()".
Make the stuff exported by "colors.c" in "colors.h" take "colfilter *"
arguments (or return a "colfilter *" to be stuffed into a
"capture_file").
svn path=/trunk/; revision=1162
CMU SNMP library was linked in and, if one of them was, information
about the version of the library, if that information is available.
svn path=/trunk/; revision=1140
the history of display filters. If it is deemed useful to put the filter in
the histor of filters also, then I can do that.
When Match Selected produces byte-range display filters (field[x:y] == x.y.z),
use notation without length, since the length is no longer needed.
(field[x] == x.y.z is produced)
When Match Selected prodcues a filter for FT_ETHER's, use ether_to_str()
instead of sprintf().
svn path=/trunk/; revision=1112
Document changes in this version.
Add Greg to ever-growing list of authors (he was in AUTHORS, but not
in manpage nor in main.c)
svn path=/trunk/; revision=1097
of SNA in a packet changes the character encoding from the default ASCII
to EBCDIC.
The hex-printing routines in the GUI code and in the printing code convert
to EBCDIC if appropriate.
svn path=/trunk/; revision=1089
ip_to_str() is 7 times faster than my sprintf() implementation (both of
which take very little time for the single call that match_selected() makes,
but you know....)
svn path=/trunk/; revision=1071
field's name, if possible. (If the selected field is not a registered field,
then of course, we still have to use the frame[x:y] syntax).
tree_selected_start and tree_selected_len are on longer globals variables;
finfo_selected has replaced them.
svn path=/trunk/; revision=1070
Rename the dissector for the Netware SAP protocol to "dissect_ipxsap()",
so as to keep its name from colliding with that of the dissector for the
Session Announcement Protocol.
svn path=/trunk/; revision=1046
hex window to scroll so that the data in the currently-selected field is
visible, but merely revealed core-dumping bugs in GTK+.
svn path=/trunk/; revision=1040
store the field_info pointer, from which we can get both "start" and
"length" (and "hfinfo" and "value", which I'm working towards, so that
match_selected, or a new function, and create a display filter based on
the field's name, instead of byte offset ).
svn path=/trunk/; revision=1039
colors.c wasn't freeing path in one place
main.c wasn't freeing rc_file
the frame_buffer fix in wtap.c didn't clear everything.
svn path=/trunk/; revision=1001
filter to search forward or backward in the list of displayed frames for
a matching frame.
When filtering the display, readjust the display to show the "current"
frame if it passed the display filter. When a file is read in, the
first frame becomes the "current" frame; when a frame is selected, it
becomes the "current" frame, and remains so *even if you unselect it*,
until another frame is selected.
Select the first frame when a file is read in.
Disable most of the "Display" and "Tools" menu items if there's no
current capture file, and enable the relevant ones if there is.
svn path=/trunk/; revision=982
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
added misc. constants for parsing flags, and converting time
stamps;
added flags and primary sources explanations;
added function for converting time stamps;
improved item analysis;
new item definitions;
from Tomislav Vujec.
svn path=/trunk/; revision=908
than a command name of "ethereal-dump-fields", to decide whether to run
as normal Ethereal or to just dump out the list of fields that can be
used in a display filter.
This allows us to continue to make that check without doing the regular
command line flag parsing (which we don't want to do, as we don't want
to call "gtk_init()" before making that check, as "gtk_init()" tries to
open an X display, and some people want not to have to have X running in
order to build Ethereal, or want not to have Ethereal try to open an X
connection over a slow line if it's just going to print field names to
the standard output), without having to make a link to "../ethereal"
from the "doc" directory (said link couldn't be a hard link, as ATK
apparently disallows hard links between directories, and I have the
vague impression that a symbolic link might cause other problems).
svn path=/trunk/; revision=902
return the pointer to the compiled filter through a pointer argument.
Have it check whether the filter is a null filter and, if so, free up
the filter and supply a filter pointer, rather than obliging its callers
to check whether the filter actually has any code. (Well, they may want
to check if the filter is null, so that they don't save a pointer to the
filter text, e.g. so that the display filter displays as "none" rather
than as a blank string in the summary box.)
In the process, fix the check in "gtk/file_dlg.c" that tests whether the
read filter compiled successfully.
svn path=/trunk/; revision=812
"cf.dfcode" if the new filter doesn't compile, because the filter
currently in effect will be the one that was last applied - just free up
the text of the new filter, and whatever memory was allocated for the
new filter code.
This means we allocate a new dfilter when a new filter is to be applied,
rather than recycling stuff from the old filter, as we want the old
filter code to remain around if the new filter doesn't compile.
This means that "cf.dfilter" and "cf.dfcode" will be null if there's no
filter in effect.
svn path=/trunk/; revision=803
file to which to write the capture; if it's NULL, create a temporary
file and use that.
Have "-w" set a local variable, which starts out null, and, for "-k"
captures, call "do_capture()" and pass it that local variable as an
argument; this lets you do "-k" without "-w", which makes it use a
temporary file for the capture.
This means "run_capture()" no longer serves a useful purpose, as its
only caller is "do_capture()"; swallow it into "do_capture()".
svn path=/trunk/; revision=748
capture is done; make it do so, and don't bother passing it a "-Q" flag
to tell it to do so.
"capture()" is called in two places; in one place, it's in a child
process, and it shouldn't read in the capture file. Move the reading of
the capture file out of "capture()" itself to the place where we
*should* read in the capture file after it returns. Also, have it
return an indication of whether it succeeded or failed, so we know
whether we should read in the capture file.
svn path=/trunk/; revision=747
"quit_after_cap", and "capture_child" from "gtk/main.c" to "capture.c",
so that the definitions don't have to be duplicated in "main.c" for
other UIs if, as, and when we do versions of Ethereal with other UIs.
svn path=/trunk/; revision=746
process for a sync mode or fork mode capture.
Have that flag control whether we do things that *only* the parent or
*only* the child should do, rather than basing it solely on the setting
of "sync_mode" or "fork_mode" (or, in the case of stuff done in the
child process either in sync mode or fork mode, rather than basing it on
the setting of those flags at all).
Split "do_capture()" into a "run_capture()" routine that starts a
capture (possibly by forking off and execing a child process, if we're
supposed to do sync mode or fork mode captures), and that assumes the
file to which the capture is to write has already been opened and that
"cf.save_file_fd" is the file descriptor for that file, and a
"do_capture()" routine that creates a temporary file, getting an FD for
it, and calls "run_capture()".
Use "run_capture()", rather than "capture()", for "-k" captures, so that
it'll do the capture in a child process if "-S" or "-F" was specified
("do_capture()" won't do because "-k" captures should write to the file
specified by the "-w" flag, not some random temporary file).
For child process captures, however, just use "capture()" - the child
process shouldn't itself fork off a child if we're in sync or fork mode,
and should just write to the file whose file descriptor was specified by
the "-W" flag on the command line.
All this allows you to do "ethereal -S -w <file> -i <interface> -k" to
start a sync mode capture from the command line.
svn path=/trunk/; revision=740
popped up the top-level window (so that it looks like a capture
started from "Capture/Start");
initialized the colors (so that we don't dump core when reading
in the capture file);
popped up any message box for failure to read the preferences
file.
This means we start the capture in "main()", rather than in the realize
callback for the main window, so get rid of that callback.
If we're a child process that's just capturing to a file for our parent
to read, however, we shouldn't pop up the top-level window, because
that's our parent's job; when running that child, set its "argv[0]" to a
special name, so that
1) it shows up in a "ps" with a special name;
2) we don't have to invent Yet Another Flag to say "you're the
child".
(We may want to use the name to turn on *all* behaviors that the capture
child, and only the capture child, should exhibit.)
If "-w" and "-k" were both specified, attempt to open the file specified
by "-w" and, if that succeeds, set "cf.save_file_fd" to refer to it, so
that "-w" plus "-k" works again, rather than popping up a "The file to
which the capture would be saved ... could not be opened: Bad file
descriptor." message box.
svn path=/trunk/; revision=739
current capture file if it's a temporary file, out of paranoia (so that
we don't get into a state where we have a capture file open but unlinked
- it's probably harmless to be in that state, as the file will remain
around until close, modulo NFS fun, and we may never be in that state
for very long, but I'd rather have it obviously stated in the code).
Remove the close in "capture()", and put one before the other call to
"capture()", in "main_realize_cb()" (is that call necessary, e.g. if you
pass "-r <filename>" *and* "-k", for some perverse reason, as
command-line arguments?).
If "cf.save_file" is non-null, free it before setting it, regardless of
whether it refers to a temporary file name or not.
svn path=/trunk/; revision=712
list of packets in real time" in the "Capture/Start" dialog box,
"ethereal -F" won't work - you get your choice of non-forked capture or
"-S".
Don't have "fork_mode" track "sync_mode"; instead, in those places where
we check for "fork_mode", check for "sync_mode" as well.
svn path=/trunk/; revision=711
and to fork off and run a separate copy of "ethereal" for "-S" and "-F"
captures or just call "capture()" otherwise, out of "gtk/capture_dlg.c"
and into a routine in "capture.c".
If the attempt to create said temporary capture file fails, pop up a
dialog box and don't do the capture.
Have the child capture process send a message upstream after it either
successfully starts the capture and syncs out the header of the capture
file, or fails to start the capture; the message indicates whether it
succeeded or failed, and, if it failed, includes a failure message.
This:
avoids the use of a signal, and thus means we don't have to
worry about whether to capture the signal, or whether to start
or stop capturing depending on whether this particular capture
is in sync mode or not;
lets us pop up the message box for the error in the parent
process if we're in sync mode, rather than doing it in the
child, which didn't work well.
Add a check button to the Capture/Start dialog box, so that we can
control, for each capture, whether it's to be done in sync mode or not.
svn path=/trunk/; revision=708
gzip. The zLib library is used for this purpose. If zLib is not available
(or it's use is disabled by the --disable-zlib option to configure), you
can still compile Ethereal but it will be unable to read compressed capture
files.
IMPORTANT:
Now all file accesses to capture files should be done through special macros.
Specifically, for any use of the following functions on capture files, replace them.
The arguments for the right-side functions are exactly the same as for the
original stdio functions.
fopen file_open
fdopen filed_open
fread file_read
fwrite file_write
fseek file_seek
fclose file_close
ferror file_error
svn path=/trunk/; revision=695
prints the protocol tree, and summary prints the fields in the summary
clist, with a header line at the beginning of the printout.
Print only packets selected by the current packet filter.
Just have "ARP" and "RARP" in the "Protocol" field for ARP packets;
whether it's a request or a reply can be seen in the "Info" field.
Add to the "Frame" section of the protocol tree the time between the
current packet and the previous displayed packet, and the packet number.
Have FT_RELATIVE_TIME fields be a "struct timeval", and display them as
seconds and fractional seconds (we didn't have any fields of that type,
and that type of time fits the delta time above).
Add an FT_DOUBLE field type (although we don't yet have anything using
it).
svn path=/trunk/; revision=666